Privacy

Choose a heading below find out more information. 

Births, marriages and deaths

Births, marriages and deaths

This policy explains how the information we collect about you is used and your rights in relation to that information.

Personal information collected from you in order to register an event is required by law. The main legislation which governs the collection of registration information is the Births and Deaths Registration Act 1953, the Marriage Act 1949 and the Civil Partnership Act 2004. You may be legally obliged by these acts, and other pieces of legislation, to provide certain pieces of information. If you fail to provide information you are required to give us you may, amongst other things, be liable to a fine, or we may not be able to provide the service you are applying for, such as a marriage or a civil partnership.

Personal information may also be collected from you if you are make an application to this office, for example for a certificate or to correct information contained in a register entry.

The information you provide will be held and processed by registration officers for this registration district.

The Superintendent Registrar is a data controller for birth, marriage and death registrations and can be contacted at: rhylregisteroffice@denbighshire.gov.uk or 01824 708100.

The Local Authority is a data controller for civil partnership registrations and can be contacted at: rhylregisteroffice@denbighshire.gov.uk or 01824 708100.

The Registrar General for England and Wales is a joint data controller for birth, marriage, death and civil partnership registrations and can be contacted at the General Register Office, Trafalgar Road, Southport, PR8 2HH.

The Data Protection Officer for the Local Authority can be contacted at:

Denbighshire County Council
P O Box 62
Ruthin
LL15 9AX

or 01824 706000.

A copy of any register entry will be provided by this office in accordance with the law to any applicant, provided they supply enough information to identify the entry concerned and pay the appropriate fee. The copy may only be issued in the form of a paper certified copy (a “certificate”). An application for a certificate may also be made to the General Register Office.

Indexes for events registered at this office are publicly available in order to help members of the public identify the registration record they might need. Indexes are available in manual format and on the North Wales BMD website (external website).

A copy of the information collected by a registration officer will also be sent to the Registrar General for England and Wales so that a central record of all registrations can be maintained.  

Registration information held at this office may be shared with other organisations in the course of carrying out our functions, or to enable others to perform theirs. We will only share information where there is a lawful basis to do so for the following reasons:

  1. Statistical or research purposes
  2. Administrative purposes by official bodies e.g. ensuring their records are up-to-date in order to provide services to the public
  3. Fraud prevention or detection, immigration and passport purposes

Further information on data held by the registration service and a full list of the organisations with whom registration data is shared, the purpose and the lawful basis for sharing the data can be found by contacting the Superintendent Registrar at rhylregisteroffice@denbighshire.gov.uk.

You have the right to request access to the personal information we hold about you, to be informed about the collection and use of your personal information, for incorrect information to be corrected (where the law permits) and to request us to restrict the processing of your personal information. In certain circumstances you have the right to object to the processing of your personal information. Your information will not be subjected to automated decision-making.

Registration information is retained indefinitely as required by law. Other personal data will be held for the period specified in the Corporate Records Retention Scheme.

If you have any questions or concerns about the collection, use or disclosure of your personal information please contact the Superintendent Registrar at rhylregisteroffice@denbighshire.gov.uk

You have the right to complain to the Information Commissioner’s Office about the way we are handling your personal information. Details on how you can do this can be found at the Information Commissioner’s Office website (external website).

Denbighshire County Council Privacy Notice

Denbighshire County Council Privacy Notice

Identity and contact details of the Council

Denbighshire County Council is a 'data controller' and is notified with the Information Commissioner. Our notification number is Z573781X.

As a data controller, the Council will make every reasonable effort to ensure that we or any third party who may process data on our behalf, complies with the principles of Data Protection legislation when processing personal data.

You can contact us for a range of services, or via forms on our website.

Issues of how data is handled are dealt with by the Council's Data Protection Officer who can be contacted by email at dataprotection@denbighshire.gov.uk or at the postal address shown above.

As a public authority, we must comply with all relevant legislation relating to data handling. The Information Commissioner's Office (ICO) is the supervisory authority in the United Kingdom established to ensure that your data rights are upheld.

Categories of personal data we hold

Obtaining, recording, holding and dealing with personal information is known as 'processing'.  

We hold a variety of different categories of data depending on the relationship the Council has with you. We may be holding such information as your name, address, date of birth or bank account details, but we could also be holding more sensitive types of information about you for example, information about your health, religion, sexual orientation or any criminal offences you may have committed. The type of information we hold will depend upon the service being delivered.

Personal data could be information which is held on a computer, in a paper record i.e. a file, but it can also include other types of electronically held information i.e. CCTV images.

How departments within the Council collect and use your personal data

Denbighshire County Council has overall responsibility for a wide range of public services across our Local Authority Area and it is necessary to collect personal data to enable those services to be delivered to residents.

A list of Council services can be found on our website.

Here are some examples of how we collect and use your data:

Providing a service

We hold the details of these people who have requested a service in order to provide it. However, we only use these details to provide the service requested or for other closely related services.  

Personal information is collected and used when we provide social care services or administer council tax, housing benefit, grants and other important services to the public.

Enforcement

Some departments collect personal data as a result of enforcement activity carried out by the Council.  For example, such data is collected by our Public Protection and our Highways departments when enforcing regulations concerning trading standards, fly-tipping, highways and parking offences.

Marketing

Some departments provide discretionary services and invite you to sign up for mailing lists in order to be kept informed of their services, special offers or activities which may interest you.  This personal data is collected only where you provide your consent that you wish to be kept informed.  

You are able to and have the right unsubscribe or ask for your data to be erased when you no longer wish to receive marketing information.

Recruitment

When individuals apply to work for the Council, we will only use the information they supply to process their application and to monitor equal opportunities statistics. 

Once a person has taken up employment with the Council we compile a personnel file relating to their employment. The information contained in this is kept secure and will only be used for purposes directly relevant to that employment.

Registering to vote

When a person registers to vote, their name and address are included in the electoral register. Two versions of the register are compiled and published each year.  The Full Register is available for inspection under supervision. 

The Edited Register does not include the names and addresses of people who have asked to be excluded from this version of the register. The Edited Register can be bought by anyone who asks for a copy and they may use it for any purpose.

The source of personal data

The vast majority of personal data we hold will have been provided to us directly from you.  There are occasions where personal data is collected about you in other ways.

This includes:

  • When partner agencies share information with us to provide a joined-up service to you
  • When you move into our Local Authority Area, data may be shared from your previous local authority
  • When the police and other law enforcement agencies share information to enable the local authority to safeguard residents
  • When members of the public report issues to us

People we share data with

We share data with others to enable a requested or statutory service to be provided. This could be where we use another agency to deliver the service for us or where we collaborate with other agencies.

The agencies involved may be regional partnerships, Welsh Government, local schools and colleges, and the Health Trusts.  We also provide information on occasion to the private and charity sectors where they are involved in the delivery of service for us.

Joint working example

A request for aids and equipment to assist an elderly service user. Such a request would be a service that could be delivered jointly by our Social Care, Health and Housing teams as well as with the Health Board.

A paid-for service example

We pay some organisations to provide services on our behalf such as providers of residential accommodation and home care. In such cases, the information provided to them is only the minimum necessary to enable them to provide services to you on our behalf.

Transfer of information to another local authority

Personal information about you may also be provided to other local authorities. An example would be where you have moved from one area to another and it is necessary to share personal information to allow for services you are receiving to continue.

Transfer of information required by law

We also share personal information where we are required to do so by law. Examples include where we are required to publish or report matters to Welsh Government, to assist law enforcement agencies prevent, detect and prosecute crime, to protect the vital interests of the person concerned or to comply with a Court Order.

Access to information by private companies

In some instances we share information with private companies in order for them to act as data processor for us.  Such arrangements are subject to data processing agreements with strict rules on processing to keep the data secure. 

On occasions, some private sector companies may have access to personal data in a strictly controlled way in order to carry out defined maintenance activity on the system for a limited time period.


As a public authority, we are required by law to protect the public funds we administer. We may share information provided to us with other bodies responsible for auditing or administering public funds, in order to prevent and detect fraud. The Auditor General is responsible for carrying out data matching exercises under its powers under the Public Audit (Wales) Act 2004.

Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows fraudulent claims and payments to be identified. Where a match is found it indicates that there is an inconsistency which requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out.

The Auditor General currently requires us to participate in a data matching exercise to assist in the prevention and detection of fraud. The Auditor General requires this authority to provide information it holds for this purpose. We are required to provide particular sets of data to the Auditor General for matching. Details are set out on the Wales Audit Office website (external website). As the use of data by the Auditor General in a data matching exercise is carried out with statutory authority (Part 3A of the Public Audit (Wales) Act 2004), it does not require the consent of the individuals concerned under the Data Protection Act 1998. Data matching by the Auditor General is subject to a Code of Practice. This is to help all bodies involved in data matching to comply with the law and good practice, including maintaining data security.

For further information on the Auditor General’s legal powers and the reasons why he matches particular information, see Wales Audit Office website (external website).

How long we keep your data

Data is held for no longer than is necessary and the Council follows legal guidelines and best practice on how long information should be kept before it is securely destroyed.

The timeframe for holding data is different depending on the type of data involved. 

Transfers outside the European Economic Area

We do not share personal information beyond the European Economic Area (EEA) on a regular basis.  Transferring personal data to a country beyond this area can only take place if the destination has been the subject of an adequacy decision that it meets certain criteria set by the European Commission. What this means is that we can only send information to a country if it meets very strict standards. If those standards are not in place we will not utilise the services.

In the very rare circumstances that your personal information might be transferred outside of the EEA, you will be notified beforehand, providing that does not conflict with a legal obligation imposed upon the Council.  

Your data rights

1. Right to be informed

We must be completely transparent with you by providing information 'in a concise, transparent, intelligible and easily accessible form, using clear and plain language'. Our privacy notice is one of the ways we try and let you know how data is handled.

2. Right of access

You have the right to access your personal information. For details on how you an access your personal information see our data protection page.

3. Right to rectification

You have the right without undue delay to request the rectification or updating of inaccurate personal data.

4. Right to restrict processing

You can ask for there to be a restriction of processing such as where the accuracy of the personal data is contested. This means that we may only store the personal data and not further process it except in limited circumstances

5. Right to object

You can object to certain types of processing such as direct marketing. The right to object also applies to other types of processing such as processing for scientific, historical research or statistical purposes (although processing may still be carried out for reasons of public interest).

6. Rights on automated decision making and profiling

The law provides safeguards for you against the risk that a potentially damaging decision is taken without human intervention. The right does not apply in certain circumstances such as where you give your explicit consent.

7. Right to data portability

Where personal data is processed on the basis of consent and by automated means, you have the right to have your personal data transmitted directly from one data controller to another where this is technically possible.

8. Right to erasure or 'right to be forgotten'

You can request the erasure of their personal data including when:
(i) the personal data is no longer necessary in relation to the purposes for which they were collected
(ii) you no longer provide your consent, or
(iii) you object to the processing.

The Information Commissioner regulates data handling by organisations in the U.K and work to uphold the data rights of citizens and the Information Commissioner's website provides more information on the data rights available to you (external website).

Withdrawing consent

If you consented to providing your personal information to us and you have changed your mind and you no longer want the Council to hold and process your information, please let us know. In the first instance please contact the relevant department. Withdrawing consent should be as easy to do as when you provided consent in the first place. If that isn't your experience with a particular service it is important you let us know of your difficulties so that we can put that right.

If you encounter any difficulties in withdrawing consent, please contact the Council's Data Protection Officer by email at dataprotection@denbighshire.gov.uk or by writing to:

Data Protection Officer
Denbighshire County Council
PO Box 62
Ruthin
LL15 9AZ

Automated decision making and profiling

The Council does not carry out automated decision-making, and as such any decision taken by us which affects you will always include human intervention.  We do on occasion carry out profiling to enable us as a local authority to target services to those in society who are in need of help and support and who may suffer harm without our assistance.

The right to complain about data handling

The Council sets very high standards for the collection and appropriate use of personal data. We therefore take any complaints about data handling very seriously. We encourage you to bring to our attention where the use of data is unfair, misleading or inappropriate and we also welcome suggestions for improvement.

Informal resolution

In the first instance we would ask that you try and resolve data handling issues directly with the relevant department. You can also contact our Data Protection Officer: dataprotection@denbighshire.gov.uk should you encounter difficulties achieving a resolution with the relevant section.

We are committed to handling data appropriately and are confident that we can resolve most issues informally.

Formal resolution

You can ask for your issue to be investigated via our online complaints form.

If you remain dissatisfied following an internal complaint, you can lodge a complaint with the Information Commissioner: Information Commissioner's Office website (external website).

Education and Children’s Services

Education and Children’s Services

Your data will be processed by Denbighshire County Council for the specific purposes of admissions; transport applications; employment permits; performance licensing; school reorganisation; attainment monitoring and reporting; school governance; health and wellbeing as well as children requiring Early Help, Care and Support or Child Protection concerns or any alleged or proven criminal activity. The processing of your personal data is undertaken as a ‘public task’ which is a requirement of the local authority under the Education Act 1996 and to promote the wellbeing of all individuals under the Social Services and Wellbeing Act (Wales) Act 2014 and to promote the welfare and safety of children under the Children Act 1989 and the All Wales Child Protection Procedures 2008.

Denbighshire County Council may share your data with other local authorities, NHS, Police, Children and Family Services/ Early Help Services if this is necessary to carry out its duties to promote wellbeing and welfare. This may involve transferring your data outside the European Economic Area (EEA) if you have resided in any country outside the EEA.

Denbighshire Independent Young Person's Counselling Service privacy information

The data you supply in a referral will be used by Denbighshire County Council to provide the Counselling service that you have requested for yourself, or on behalf of your child (if you are a parent or guardian).

You have the right to withdraw consent for us to provide these services at any time. We will not transfer your data to any other country either within or outside of the EEA, unless your child is in receipt of support from TRAC and you have signed the separate TRAC notice.

Annually, we anonymise your/ your child’s data and share it securely with Welsh Government. This is a statutory requirement. This helps the Welsh Government understand more about our counselling service and the work we do. We also use a fully encrypted clinical management system to store and process your data to help us give you / your child the best service we can. Any information generated through reports from this system is entirely anonymous.

Denbighshire County Council will retain your / your child’s information as pupil records until their 25th birthday. If you feel that Denbighshire County Council have mishandled your / your child’s personal data at any time you can make a complaint to the Information Commissioner’s Officer (external website).

More information

Please also read the Denbighshire County Council Privacy Notice.

Electoral Registration Officer & Returning Officer Privacy Notice

Electoral Registration Officer & Returning Officer Privacy Notice

This privacy notice explains how the Electoral Registration Officer & Returning Officer for Denbighshire County Council collects and uses personal information about you to deliver services efficiently and effectively

We use this information to enable us to carry out specific functions for which we are responsible and to provide you with a statutory service, as set out in the Representation of the People Act 1983, Electoral Administration Act 2013 and associated regulations.

The Electoral Registration Officer & Returning Officer is the Data Controller and is registered with the Information Commissioner's Office under registration reference Z6341445. The Data Controller is:

Denbighshire County Council
County Hall
Wynnstay Road
Ruthin
LL15 1YN

What information is recorded?

We keep records about potential and actual electors. These may be written down (manual records), or kept on a computer (electronic records).

These records may include:

  • Basic details about you, for example, name, address, date of birth, N I number, contact details (email address/telephone number), nationality and your previous address
  • Absent vote information (postal / proxy including details of your proxy and anyone who has helped you)
  • Scanned application forms & dates of any letters of correspondence
  • Notes about any relevant circumstances that you have told us
  • Other occupants in your home
  • If you are over 76 or under 16/17
  • Whether you have chosen to opt out of the Open version of the Register
  • Any further evidence we may require from you, such as copies of your passport, Marriage certificate, driving licence, biometric residence permit, EEA Identity Card
  • Political Affiliation

It is important that your records are accurate and up-to-date as they will help make sure that our staff are able to provide you with the help, advice or support you need.  If your information is not correct, then please contact us so that we can rectify this.

Gov.uk

To verify your identity, the data you provide will be processed by the Individual Electoral Registration Digital Service managed by the Cabinet Office. As part of this process your data will be shared with the Department of Work and Pensions and the Cabinet Office suppliers that are data processors for the Individual Electoral Registration Digital Service. You can find more information about this at the privacy notice for the register to vote section on Gov.uk (external website).

What is the information used for?

We will only use the information you give us for electoral purposes. We will look after personal information securely and we will follow the data protection legislation. We will not give personal information about you or any personal information you may provide on other people to anyone else or another organisation unless we have to by law.

The Electoral Register is a public document which can be viewed by appointment only under strict control.

Your information may be shared / disclosed with the following –

  • Contracted printer or supplier (processor) who act on our behalf
  • Registered political parties, elected representatives, candidates, agents and other permitted participants who are able to use it for electoral purposes only
  • The Department for Work and Pensions will also use your information to verify your eligibility for the electoral register.
  • Credit reference agencies, the British Library, UK Statistics Authority, the Electoral Commission and other statutory recipients of the Electoral Register
  • Details of whether you have voted (but not how you have voted) to those who are entitled in law to receive it after an election
  • Where the health and safety of others is at risk
  • When the law requires us to pass on information under special circumstances
  • Crime prevention or the detection of fraud as part of the National Fraud Initiative

Anyone who receives information from us has a legal duty to keep it confidential. They won’t use it for any other reasons and they have to look after it in the same way.

We are required by law to report certain information to appropriate authorities, for example:

  • Where a formal court order has been issued.
  • To law enforcement agencies for the prevention or detection of a crime
  • To the Jury Central Summoning Bureau indicating those persons who are aged 76 or over and are no longer eligible for jury service

How long for?

The Electoral Registration Officer & Returning Officer is obliged to process your personal data in relation to preparing for and conducting Elections. Your details will be kept and updated in accordance with our legal obligations and in line with statutory retention periods. The Electoral Registration Officer & Returning Officer maintains a document retention policy incorporated into the corporate document retention policy of Denbighshire County Council.

Special Categories of personal data

Some of the information that is collected is classified as special category personal data. This is processed for reason of substantial public interest as set out in Representation of the People Act 1983 and associated regulations. To process this type of information we have a separate policy document that sets out how this information will be handled.

Right to Object

You have the right to object to the use of your email address or telephone contact details for the purposes of electoral registration. If you no longer want to be contacted by email or telephone you should contact the Electoral Registration Officer who is the Data Controller to unsubscribe.

Right to be Forgotten

This does not apply when maintaining the electoral register. You cannot ask for your details to be removed from current or historical registers.

Further Information

For further information and if you think there has been a breach of your rights, please contact:

Access to Information
Corporate Information Management Team
Denbighshire County Council
PO Box 62
Ruthin
LL15 9AZ

Homes for Ukraine Scheme

Homes for Ukraine Scheme

Overview

Denbighshire County Council and their public sector partners (the Welsh Government, Local Authorities and Health Boards in Wales) are data controllers for any personal data it collects and any personal data which is shared with them by UK Government under the Homes for Ukraine Scheme.

The purpose of this privacy notice is to tell you how Denbighshire County Council and partners will process your personal data for their shared purposes to deliver the scheme and the common objective of providing homes to those fleeing the war in Ukraine. You have rights concerning how your data is processed. We inform you here what those rights are and how you can exercise them.

Denbighshire County Council and partners are committed to protecting the privacy and security of your personal data. As the organisations have distinctive statutory responsibilities and accountabilities, they may publish separate privacy notices where appropriate which further explain how your personal data is used for their respective purposes.

We are only allowed to use, gather and share personal information where we have an appropriate legal basis to do so. We only collect and process personal information to fulfil our legal and official functions. We will only use personal information when the law allows us to and where it is necessary and proportionate to do so.

What personal data we are processing

Your personal data is being processed and used to deliver the Homes for Ukraine scheme, for the purpose of supporting Ukrainian citizens during the arrival process and for the duration of any sponsorship arrangements in Wales. This will include providing and managing essential support services for those arriving in Wales and undertaking required safeguarding checks. The data we process includes:

For Ukrainian citizens

Your name, address, contact details, demographic data, visa status, housing needs and the details of your travelling party.

For sponsors

We process your name, address, contact details, demographic data and details about your property. We may also need to process and use personal data about you and others, such as your household members or others living in your property.

Offers of support

We collect contact details and information on what support is available from known organisations offering support to Ukrainian citizens.

With whom we will be sharing the data and for what purpose

We will be sharing data with third parties, such as public sector partners in Wales and with UK Government. The public sector partners include:

  • The Welsh Government, who share details of the Ukrainian citizens who applied for a visa and the sponsors named via the Homes for Ukraine scheme. They will also share details of offers of support with local authorities, including accommodation offers.
  • Local Authorities, to provide support to Ukrainian citizens and the hosts in their areas. For example, with access to accommodation, education and social care. It will also enable them to undertake property and Disclosure and Barring Service (DBS) checks.
  • Health Boards, to contact Ukrainian citizens to arrange health screenings (primarily for Tuberculosis) and arrange GP registration and other medical treatments as required.
  • Digital Health and Care Wales (DHCW), as data processors our behalf, for the secure transfer and sharing of your personal data between ourselves, local authorities and Health Boards in Wales.
  • Voluntary organisations e.g. British Red Cross, landlords, third sector, to support or move on Ukrainian citizens.

Where offers of support have been provided, we may share information with individual Ukrainian citizens or people acting as their sponsors in Wales so that they can access the support being offered. Where necessary, we will also share personal information with charitable and private sector partners who will be delivering services on our behalf to support Ukrainian citizens, or where we are required to do so by law.

How your data is handled

Personal data provided to us is stored on secure servers. Personal, identifiable data shared with our public sector and other partners will only be transferred using accredited secure data transfer systems. Currently we are not sharing outside of our organisation. Only data necessary for the delivery of support to Ukrainian citizens will be shared.

Personal identifiable data held by Denbighshire County Council will be retained for the duration of the sponsorship scheme, and for a period of seven years afterwards. Data may be retained for longer periods, including by our public sector partners, where there is a statutory obligation or ongoing requirement to do so. The data will be securely destroyed once it is determined that it is no longer required.

Lawful basis for processing the data

We are using the following lawful basis under UK GDPR to process personal data:

Article 6(1)(e) of the UK GDPR - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

We may also process special categories of personal data which may include information about political beliefs, health, sexual orientation, religious beliefs, and biometrics. Where we do so our lawful basis is:

Article 9(2)(g) of the UK GDPR - processing is necessary for reasons of substantial public interest.

Your rights, for example: access, rectification, erasure

Under GDPR, you have the following rights in relation to the personal information you provide us to enable to support you, specifically you have the right:

  • to access a copy of your own data
  • for us to rectify inaccuracies in that data
  • to object to or restrict processing (in certain circumstances)
  • for your data to be 'erased' (in certain circumstances)
  • to lodge a complaint with the Information Commissioner 's Office (ICO) who is our independent regulator for data protection

The contact details for the Information Commissioner's Office are:

Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF.

Phone: 01625 545 745 or 0303 123 1113

Information Commissioner's Office website (external website)

Further Information

If you have any further questions about how the data provided will be used by the Welsh Government or wish to exercise your rights using the General Data Protection Regulation, please contact the Denbighshire County Council's Data Protection Officer at:

Denbighshire County Council,
PO Box 62,
Ruthin,
LL15 9AZ.

Email: information@denbighshire.gov.uk

Licensing

How we use your information - Privacy notice for Licensing

The proper handling of personal information by Denbighshire County Council is very important to the delivery of our services and maintaining public confidence.

Personal data is any information that relates to a person who can be directly or indirectly identified from the information. The terms ‘information’ and ‘personal data’ are used throughout this privacy notice and have the same meaning.

To ensure that the Council treats personal information correctly, we seek to adhere in full to the requirements of Data Protection legislation.

This privacy notice has therefore been produced to explain as clearly as possible what we do with your personal data.

The purposes for which we use your personal data

The information we collect about you is used to:

  • Process and decide on licence/permit applications
  • Process notices
  • Provide public register information
  • Investigate complaints
  • Conduct regulatory enforcement activity, including with partner agencies

The legal basis for the processing of your information is to comply with our legal obligations under the following:  

  • Licensing Act 2003
  • Gambling Act 2005
  • Local Government (Miscellaneous Provisions) Act 1976
  • Town Police Clauses Act 1847
  • Local Government (Miscellaneous Provisions) Act 1982
  • House to House Collections Act 1939
  • Police, Factories etc. (Miscellaneous Provisions) Act 1916
  • Hypnotism Act 1952   

If you do not give us the information we need when we ask for it, this may result in the Council being unable to determine your licence or permit application, process your notice or comply with our statutory obligations.

What type of information do we use?

We collect the following types of personal data about you to deliver this service, depending on your circumstances:

  • Name
  • Address
  • Date of birth
  • Gender
  • Unique reference number
  • Telephone number
  • Email address
  • Bank/payment details
  • Employment and education details
  • National Insurance details
  • Images/photographs
  • Vehicle registration number
  • Information about your health
  • Your racial or ethnic origin
  • Criminal convictions and offences

Do we use information received from other sources?

To provide this service, we collect information directly from you but also receive information from the following external sources, depending on the type of licence:

  • The Fire and Rescue Service
  • The Police
  • Disclosure and Barring Services
  • NHS local health boards
  • Immigration services
  • Foreign Embassies if you are a foreign national or have lived abroad
  • National Fraud Initiative
  • National Register of Taxi Drivers
  • Department for Work and Pensions
  • HM Revenue and Customs
  • DVLA
  • Other local authorities

We also receive information from the following Council services:

  • Environmental Health
  • Trading Standards
  • Planning
  • Children’s Services
  • Resources
  • Highways
  • Events Safety Advisory Group
  • Chief Executive’s department
  • Legal Services

Transferring your information abroad

Your information will not be transferred outside the United Kingdom.

Who has access to your information?

We share your information with the following recipients depending on your circumstances:

  • The Fire and Rescue Service
  • The Police
  • Disclosure and Barring Services
  • NHS local health boards
  • Immigration services
  • Foreign Embassies if you are a foreign national or have lived abroad
  • National Fraud Initiative
  • National Register of Taxi Drivers
  • Department for Work and Pensions
  • HM Revenue and Customs
  • DVLA
  • Other local authorities

Where an application or issue has to be considered by the Council’s Licensing Committee or a sub-committee information about you will be heard in public.

There are also other specific situations where we may be required to disclose information about you, such as:

  • Where the Council is required to provide the information by law
  • Where disclosing the information is required to prevent or detect a crime
  • Where disclosure is in the vital interests of the person concerned

How long we will keep your information

We will keep your information for as long as the licence exists or up to 6 years after registration or entitlement lapses or in the case of authorisations for larger events we may keep the information for up to 20 years, in accordance with the Council’s Retention Guidelines.

Your Data Protection rights

You have the right to:

  • Obtain access to the personal data that the Council is processing about you
  • Have any inaccurate or incomplete information rectified (corrected)
  • Withdraw your consent to processing, where this is the only basis for the processing
  • Make a complaint to the Information Commissioner’s Office (ICO), the independent body in the UK which protects information rights

In some circumstances, you may have the right to:

  • Object to the processing of your personal information
  • The erasure of your personal data
  • Restrict the processing of your personal information
  • Data portability

Contact details

For more information regarding this privacy notice and your rights, please contact:

Data Protection Officer
Denbighshire County Council
PO Box 62
Ruthin
Denbighshire
LL15 9AZ

Email: dataprotection@denbighshire.gov.uk

Phone: 01824 706000

Contact details for the Information Commissioner’s Office (ICO) along with further guidance on Data Protection legislation can be found on the ICO website (external website).

Policy for Denbighshire County Council in respect of requests for information, disclosure of information, and use of information as a result of an entry on NR3

In this policy, the ‘first authority’ refers to a licensing authority which made a specific entry onto the National Register of Refusals and Revocations; the ‘second authority’ refers to a licensing authority which is seeking more detailed information about the entry.

Overarching principles

This policy covers the use that Denbighshire County Council (the “authority) will make of the ability to access and use information contained on the National Register of Taxi Licence Revocations and Refusals (NR3). The NR3 contains information relating to any refusal to grant, or revocation of, a taxi drivers’ licence. Throughout this policy reference is made to ‘taxi driver’s licence.’ This generic term covers a hackney carriage driver’s licence, a private hire driver’s licence and a combined/dual licence.

This information is important in the context of a subsequent application to another authority for a drivers’ licence by a person who has had their licence refused or revoked in the past.

This authority has signed up to the NR3. This means that when an application for a taxi drivers’ licence is refused, or when an existing taxi drivers’ licence is revoked, that information will be placed upon the register.

When an application for a new drivers’ licence, or renewal of an existing drivers’ licence is received, this authority will make a search of the NR3. The search will only be made by an officer who has been trained in the use of the NR3 and who is acting in accordance with this policy. If details are found that appear to relate to the applicant, a request will be made to the authority that entered that information for further details.

Any information that is received from any other authority in relation to an application will only be used in relation to that application, and the determination of it, and will not be used for any other purpose. Any data that is received will only be kept for as long as is necessary in relation to the determination of that application. This will include the period of processing that application, making a decision, notifying the applicant of the outcome of that decision, and the appeal processes.

For the avoidance of doubt, any such data will be kept for a period of no more than 35 days from the date of the service of the written notification of the determination of the application.

The appeal period is 21 days from the date on which the written notification of the decision was received by the applicant/licensee. An appeal must be lodged within that time period, and no extension of that period is permissible (see Stockton-on-Tees Borough Council v Latif [2009] LLR 374). However, to ensure that the information is available if an appeal is lodged and there is a dispute over time periods, a period of 35 days is specified.

Where an appeal to the magistrates’ court is made, the data will be retained until that appeal is determined or abandoned. Where the appeal is determined by the magistrates’ court, there is a further right of appeal to the Crown Court. In these circumstances, the data will be retained for a period of no more than 35 days from the date of the decision of the magistrates’ court. If an appeal is made to the Crown Court, the data will be retained until that appeal is determined or abandoned. Where the appeal is determined by the magistrates’ court or the Crown Court, it is possible to appeal the decision by way of case stated. 

Any appeal by way of case stated must be lodged within 21 days of the decision of either the magistrates’ court or the Crown Court (see The Criminal Procedure Rules R35.2). To ensure that the information is available if an appeal is lodged by way of case stated and there is a dispute over time periods, a period of 35 days is specified.

Accordingly, the data will be retained for a period of no more than 35 days from the date of the decision of the Crown Court (if the decision was made by the magistrates’ court, the retention period has already been addressed). If an appeal by way of case stated is made, the data will be retained until all court proceedings relating to that appeal by way of case stated (which will include potential appeals to the Court of Appeal and Supreme Court) have been determined.

Decisions of the local authority, magistrates’ Court and Crown Court are also susceptible to judicial review. Generally any right of appeal should be exercised in preference to judicial review, but there are occasions when leave has been granted for judicial review in the circumstances. Any application for judicial review must be made “promptly; and in any event not later than 3 months after the grounds to make the claim 1st arose” (see The Civil Procedure Rules R54.5). If an application for judicial review is made after any relevant data has been destroyed, this authority will request the information again and then retain that information until all court proceedings relating to that judicial review (which will include potential appeals to the Court of Appeal and Supreme Court) have been determined.

The data will be held securely in accordance with this authority’s general policy on the secure retention of personal data. At the end of the retention period, the data will be erased and/or destroyed in accordance with this authority’s general policy on the erasure and destruction of personal data. 

Making a request for further information regarding an entry on NR3

This section relates to the submission of a request by the second authority.

When an application is made to this authority for the grant of a new, or renewal of, a taxi driver’s licence, this authority will check the NR3.

This authority will make and then retain a clear written record (this can be electronic, rather than “pen and paper” hard copy) of every search that is made of the register. This will detail:

  • the date of the search
  • the name or names searched
  • the reason for the search (new application or renewal)
  • the results of the search
  • the use made of the results of the search (this information will be entered to the register at a later date)

This record will not be combined with any other records (i.e. combined with a register of licences granted) and will be retained for the retention period of 25 years.

If this authority discovers any match (i.e. there is an entry in the register for the same name and identifying details) a request will be made to the authority that entered those details (the first authority) for further information about that entry. That request will also include details of this authority’s data protection policy in relation to the use of any data that is obtained as a result of this process.

This request will be made in writing using an approved form.  It will be posted or emailed to the contact address of the authority that entered those details (the first authority) which will be detailed in the register.

Responding to a request made for further information regarding an entry on NR3

This section of the template policy relates to the handling by the first authority of a request for information by the second authority.

When this authority receives a request for further information from another authority a clear written record will be made of the request having been received. This record will not be combined with any other records (i.e. combined with a register of licences granted) and will be retained for the retention period of 25 years. This record can be combined with the written record of the action taken as a result of the request.

This authority will then determine how to respond to the request. It is not lawful to simply provide information as a blanket response to every request.

This authority will conduct a Data Protection Impact Assessment. This will consider how the other authority (the second authority) will use the data, how it will store that data to prevent unauthorised disclosure, the retention period for that data, and the mechanism for erasure or destruction of the data at the end of that period. It is expected that if the second authority has adopted a policy similar to this, that should be a reasonably straightforward process.

If this authority is satisfied that the other authority’s (the 2nd authority) data protection procedures are satisfactory, consideration will then be given as to what information will be disclosed (if the 1st authority is not satisfied that the 2nd authority’s data protection policy is satisfactory, no disclosure can be made. In such circumstances it is essential that discussion takes place as a matter of urgency between the data protection officers of the 1st authority and the 2nd authority). This will be determined by an officer who has been trained to discharge this function.

Any disclosure must be considered and proportionate, taking into account the data subjects’ rights and the position and responsibilities of a taxi driver. Data is held on the NR3 register for a period of 25 years, but this authority (the 1st authority) will not disclose information relating to every entry. Each application will be considered on its own merits.

This authority will disclose information relating to a revocation or refusal to grant a drivers’ licence in accordance with the timescales contained within the Statement of Policy Regarding the Suitability of Applicants and Licensees in the Hackney and Private Hire Trades.

Licences, permits and Trading Standards policies

Where the reason for refusal to grant or revocation relates to a conviction (or similar as defined in the Policy) which is within the timescales determined in those guidelines, the information will be disclosed. Where the reason for refusal to grant or revocation relates to a conviction (or similar as defined in the Policy) which is outside the timescales determined in those guidelines, the information will not be disclosed. However, in every case, consideration will be given to the full circumstances of the decision and there may be occasions where information is provided other than in accordance with this policy.

Any information about convictions will be shared in accordance with this policy under part 2 of scheduled 1 to the Data Protection Act (DPA) 2018; that is, the processing is necessary for reasons of substantial public interest in connection with the exercise of a function conferred on the authority by an enactment or rule of law.

The officer will record what action was taken and why. This authority will make and then retain a clear written record (this can be electronic, rather than “pen and paper” hard copy) of every decision that is made as a result of a request from another authority. This will detail:

  • the date the request was received
  • how the data protection impact assessment was conducted and its conclusions
  • the name or names searched
  • whether any information was provided
  • if information was provided, why it was provided (and details of any further advice obtained before the decision was made)
  • if information was not provided, why it was not provided (and details of any further advice obtained before the decision was made)
  • how and when the decision (and any information) was communicated to the requesting authority

This record will not be combined with any other records (i.e. combined with a register of licences granted) and will be retained for the retention period of 25 years

Using any information obtained as a result of a request to another authority

When this authority receives information as a result of a request that has been made to another authority, it will take that information into account when determining the application for the grant or renewal of a taxi drivers’ licence. This will be in accordance with the usual process for determining applications as outlined in the Statement of Policy Regarding the Suitability of Applicants and Licensees in the Hackney and Private Hire Trades.

This authority will make and then retain a clear written record of the use that is made of the results of the search (this information will be added to the register detailed above).

Information that is received may warrant significant weight being attached to it, but it will not be the sole basis for any decision that this authority will make in relation to the application.

Monitoring Information of Parents, Children and Providers using the Childcare Offer

Monitoring Information of Parents, Children and Providers using the Childcare Offer

What personal data do we hold and where do we get this information?

Personal data is defined under the General Data Protection Regulation (GDPR) as ‘any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier’. Special category data such as ethnic group or health condition has additional protection under data protection law.

The Welsh Government has access to personal and special category data of parents, carers and children receiving services from local authorities.  The data that we regularly receive on parents, carers and children is explained in detail in Annex 1 to this privacy notice. Your name and contact details are not regularly passed to Welsh Government for monitoring with the data outlined in Annex 1. However, your name and contact details will be provided to Welsh Government by your Local Authority when needed for evaluation purposes. Your child’s name will not be provided.

Additionally, the Welsh Government has access to personal data of childcare providers delivering services funded by the Welsh Government under the childcare offer. The data that we regularly receive on child care providers is explained in detail in Annex 2 to this privacy notice. The Welsh Government will not share your name with a third party e.g. non-government agencies and researchers unless your name is your business name which is publically available.

The Childcare Offer programme is periodically evaluated to assess the performance of the programme and help Welsh Ministers make decisions relating to the development of the policy in relation to the Childcare Offer. If you are contacted to take part in research activities related to the Childcare Offer you will be issued a separate Privacy Notice outlining how information generated by the research will be collected, held and used. Taking part in research is voluntary and you will not be identified in any reports.

Your data is linked anonymously to other data sources as part of the Secure Anonymised Information Linkage (SAIL) databank for non‑commercial research purposes only, unless you ask for this linkage to not take place (see the explanatory note).

What is the lawful basis for using your data?

The lawful basis for processing information in this data collection exercise is our public task; that is, exercising our official authority to undertake the core role and functions of the Welsh Government. Some of the data we are collecting are called ‘special category data’ (in this case ethnicity) and the lawful basis for processing this information is that it is for statistical or research purposes.

This enables the operation of, and provides information which will help the Welsh Ministers to make decisions relating to the development of the policy in relation to, the Childcare Offer which is being delivered to improve economic and social well-being in Wales in accordance with section 60 of the Government of Wales Act 2006.

The data sent to Welsh Government will be used:

  • to measure how well Welsh Government and Local Authorities are delivering their services to you and your child;
  • to support improvements to these services;
  • to allocate money to Local Authorities and others; or
  • to support wider research into the provision of services to you and your child, or others;
  • to link data from this form to other data sources for the purpose of evaluating the impact of the project on the individuals who take part.

The data sent to Welsh Government will not be used by them:

  • to take any action in relation to you or your child, or your childcare setting; nor
  • to identify you or your child in any reports.

How secure is your personal data?

Personal data is transferred via Objective Connect, a secure data transfer system. Data is stored within folders on secure networks which have access restricted to Welsh Government officials working on the Childcare Offer.

All data gathered will be reported in an anonymised format when used in statistical or research reports. No reports will contain your contact details nor any information that could be used to identify individuals. Aggregate data will also be placed on the StatsWales data website.

When the Welsh Government commissions an evaluation of the Childcare Offer this work will be carried out by an accredited third party (e.g. a research organisation or a consultancy company). Any such work will only be undertaken under contract. Welsh Government’s standard terms and conditions for such contracts set out strict requirements for the processing and safekeeping of personal data.

How long do we keep your personal data?

Any personal data transferred to Welsh Government will be deleted three years after the date it was received.

The NHS Wales Informatics Service (NWIS) based in Swansea University also have access to a part of your personal data for a period of three months, until the data linking with Secure Anonymised Information Linkage (SAIL) is complete.

Individual rights

Under GDPR, you have the following rights in relation to the personal information you provide as part of the Childcare Offer for Wales you have the right:

  • To access a copy of your own data;
  • For us to rectify inaccuracies in that data;
  • To object to or restrict processing (in certain circumstances);
  • For your data to be ‘erased’ (in certain circumstances); and
  • To lodge a complaint with the Information Commissioner’s Office (ICO) who is our independent regulator for data protection.

The contact details for the Information Commissioner’s Office are:

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Phone: 01625 545 745 or 0303 123 1113 or visit the Information Commissioner's Office website (external website).

Further information

If you have any further questions about how your data will be used by the Welsh Government or wish to exercise your rights using the General Data Protection Regulation, please contact:

Childcare Offer Team
CP2, Crown Buildings
Cathays Park
Cardiff
CF10 3NQ

Email: Talkchildcare@gov.wales

The Welsh Government’s Data Protection Officer can be contacted at:

Welsh Government
Cathays Park
Cardiff
CF10 3NQ

Email: DataProtectionOfficer@gov.wales.

We explain on our website how the Freedom of Information Act and data protection law interact. More information on requesting information from the Welsh Government.

Explanatory note

The SAIL Databank is a databank of anonymised data about the population of Wales, which is internationally recognised for the robust secure storage and use of anonymised person-based data for research to improve health, well-being and services. Respondents are able to opt out of having their answers linked. More information about linking and matching data on Gov.Wales (external website).

Annex 1

Which data does Welsh Government have access to?

Parents of children taking up the childcare offer- Eligibility checking 

Local authorities ask for details of you, as either the parent or carer of such child, or children and the children receiving services under the childcare offer to check your eligibility to receive the offer against eligibility criteria as set by the Welsh Government. This includes:

Your working hours and wage

This information is also passed to Welsh Government by the Local authority anonymously, which means this data will not include your name or that of your child.

The date of birth of the child you are applying to receive the childcare offer for

This information is also passed to Welsh Government by the Local authority anonymously, which means this data will not include your name or that of your child.

Your address

Your postcode is passed to Welsh Government by the Local authority anonymously, which means this data will not include your name or that of your child.

Information about benefits you are claiming that may entitle you to the childcare offer

This is not passed to the Welsh Government.

Parents / Carers of, and children taking up the childcare offer

Local authorities provide details of you, as either the parent or carer of such child, or children and the children receiving services under the childcare offer from them to Welsh Government, and this includes:

Data about your child and you as the parent(s)/carer(s):
  • Gender
  • Date of Birth
  • Postcode
  • Local authority
  • Ethnicity
  • Whether your child has a special educational need (SEN)
  • Your salary information
  • Your average weekly hours worked
  • Whether you accessed any Flying Start services – no information on what services collected
Basic details of the services provided to you and your child prior to taking up the childcare offer:
  • Your rating of affordability of childcare prior to taking up the childcare offer
  • Your monthly average spend on childcare prior to taking up the childcare offer
  • The number of hours of paid childcare you used on average each week prior to taking up the offer
  • The number of hours of unpaid childcare you used on average each week prior to taking up the offer
Basic details of the services provided to you and your child in taking up the childcare offer:
  • The number of hours you have applied for the child under the childcare offer
  • The number of hours your child attends the hours booked under the childcare offer
  • The language provision of the childcare your child is accessing
  • Your preference of language provision for your child to access the offer
  • Your child’s attendance at Foundation Phase Nursery Provision
  • The Care Inspectorate Wales (CIW) register number of the childcare provider(s) you are accessing the childcare offer at

Annex 2

Childcare providers delivering services under the childcare offer

Local authorities provide details of you as a provider delivering services under the childcare offer to Welsh Government, and this includes:

  • Your contact details including – name, telephone number, email address and postal address and Care Inspectorate Wales (CIW) registration number
  • The language provision of your setting as self-declared to the local authorities and to Care Inspectorate Wales (CIW)
  • The number of hours that each child receiving the childcare offer in your setting have booked with you and how many hours they have actually attended

Any additional costs which parents have incurred through taking up the offer at your setting including; food costs, travel costs, and any additional hours they take up at your setting on top of the childcare offer.